Conventionally, WLAN attack tools exist (such as “free-radius-wpe”) that enable an attacker to spoof a network authentication server or network access server (both used herein interchangeably as NAS) and capture a client network password or password hash for an offline dictionary attack. For example, FreeRADIUS Wireless Pwnage Edition is a tool that enables an attacker to establish a Transport Layer Security (TLS) tunnel with a client that does not validate server certificates, and captures the credentials exchanged within the tunnel. This attack targeting Extensible Authentication Protocol-Tunneled Transport Layer Security (EAP-TTLS) and Protected EAP (EAP-PEAPv0) authenticated wireless clients is unanswered in the wireless intrusion detection industry. Furthermore, if traditional wireless intrusion detection methodology were to be applied to detect these attacks, the signature would be complex and the alarm would be prone to false negatives and false positives. Many enterprise WLANs employ PEAPv0 as an authentication mechanism for their wireless infrastructure. In many deployments, the credentials captured in the attack are identical to a user's domain credentials, for convenience. An attacker can use these credentials to access the wireless network as an authorized user and potentially other corporate resources as well. Disadvantageously, conventional wireless intrusion detection systems (WIDS) and wireless intrusion prevention systems (WIPS) do not detect this attack.